Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/f4b733-29ad-4d56-b9d2-5d48bcd7c1dc/1/Eb67nR4_r4j8Qlyfns20ti-cJT8.roa
File:                     Eb67nR4_r4j8Qlyfns20ti-cJT8.roa (raw, json)
Hash identifier:          lFVr25uX8drF2iD9dDrV81ECiahOTdUT7rmBW8WFEjc=
Subject key identifier:   11:BE:BB:9D:1E:3F:AF:88:FC:42:5C:9F:9E:CD:B4:B6:2F:9C:25:3F
Certificate issuer:       /CN=666034ca6a16bbd0144abdf5cf2458f968b1589c
Certificate serial:       01982F77A09F4FE19FAD21E645BB1B1BD5DA
Authority key identifier: 66:60:34:CA:6A:16:BB:D0:14:4A:BD:F5:CF:24:58:F9:68:B1:58:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZmA0ymoWu9AUSr31zyRY-WixWJw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/f4b733-29ad-4d56-b9d2-5d48bcd7c1dc/1/Eb67nR4_r4j8Qlyfns20ti-cJT8.roa
Signing time:             Tue 22 Jul 2025 00:10:25 +0000
ROA not before:           Tue 22 Jul 2025 00:10:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34170
IP address blocks:        80.69.48.0/24 maxlen: 24
                          80.69.49.0/24 maxlen: 24
                          80.69.50.0/24 maxlen: 24
                          80.69.51.0/24 maxlen: 24
                          80.69.53.0/24 maxlen: 24
                          80.69.56.0/24 maxlen: 24
                          80.69.57.0/24 maxlen: 24
                          80.69.60.0/24 maxlen: 24
                          91.135.240.0/24 maxlen: 24
                          91.135.241.0/24 maxlen: 24
                          91.135.242.0/24 maxlen: 24
                          91.135.243.0/24 maxlen: 24
                          91.135.244.0/24 maxlen: 24
                          91.135.252.0/24 maxlen: 24
                          91.135.253.0/24 maxlen: 24
                          92.39.90.0/24 maxlen: 24
                          92.39.91.0/24 maxlen: 24
                          92.39.92.0/24 maxlen: 24
                          92.39.93.0/24 maxlen: 24
                          92.39.94.0/24 maxlen: 24
                          158.181.34.0/24 maxlen: 24
                          158.181.37.0/24 maxlen: 24
                          158.181.38.0/24 maxlen: 24
                          158.181.39.0/24 maxlen: 24
                          158.181.44.0/23 maxlen: 23
                          158.181.46.0/23 maxlen: 23
                          185.92.224.0/24 maxlen: 24
                          185.92.225.0/24 maxlen: 24
                          185.92.226.0/24 maxlen: 24
                          185.105.196.0/24 maxlen: 24
                          185.105.197.0/24 maxlen: 24
                          185.105.198.0/24 maxlen: 24
                          185.105.199.0/24 maxlen: 24
                          212.47.152.0/24 maxlen: 24
                          212.47.154.0/24 maxlen: 24
                          212.47.155.0/24 maxlen: 24
                          212.47.156.0/24 maxlen: 24
                          212.47.157.0/24 maxlen: 24
                          212.47.158.0/24 maxlen: 24
                          2a05:8200::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/f4b733-29ad-4d56-b9d2-5d48bcd7c1dc/1/ZmA0ymoWu9AUSr31zyRY-WixWJw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/f4b733-29ad-4d56-b9d2-5d48bcd7c1dc/1/ZmA0ymoWu9AUSr31zyRY-WixWJw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZmA0ymoWu9AUSr31zyRY-WixWJw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:2f:77:a0:9f:4f:e1:9f:ad:21:e6:45:bb:1b:1b:d5:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=666034ca6a16bbd0144abdf5cf2458f968b1589c
        Validity
            Not Before: Jul 22 00:10:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=11bebb9d1e3faf88fc425c9f9ecdb4b62f9c253f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:be:76:d2:04:71:8e:5d:a2:10:42:8a:ce:9d:
                    5f:d5:bf:16:3e:10:e2:d7:77:ed:43:21:fb:7a:84:
                    42:c2:b9:30:98:83:6c:cf:87:20:36:05:35:ad:76:
                    b4:5c:2c:37:0e:6c:c3:5b:0b:83:f3:d3:5c:23:d8:
                    83:e6:63:72:8f:9e:2f:ca:1a:70:14:c1:8e:c0:e0:
                    3a:d2:d6:00:cb:5c:63:55:9b:9a:b5:43:b3:73:88:
                    5e:51:6f:f6:4e:39:9e:79:26:16:9e:8b:38:ff:b3:
                    da:20:f1:55:53:6c:98:d0:28:82:dd:ab:a9:70:d0:
                    cf:cd:9f:f5:c4:13:36:ea:24:7d:03:aa:d1:9f:ee:
                    4e:58:01:9a:67:5b:da:d6:a9:59:72:26:56:d0:b7:
                    59:0b:08:0e:07:65:5c:20:ff:6e:22:73:8d:76:b9:
                    23:36:93:fa:ca:1a:61:a4:57:42:91:b3:fd:56:33:
                    85:e1:b4:50:6b:6a:bb:fa:21:54:65:73:b5:1f:c1:
                    d9:d6:3f:7f:9d:f7:2c:b1:a3:88:d4:b4:7c:e7:91:
                    69:5c:2b:d8:78:65:3c:76:c9:a6:aa:2f:e3:08:cb:
                    3a:ac:5a:71:86:d9:95:fd:ab:e1:a3:f1:6b:98:cb:
                    05:8d:89:c9:45:2b:5f:2c:1b:69:26:97:d0:dd:5c:
                    db:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:BE:BB:9D:1E:3F:AF:88:FC:42:5C:9F:9E:CD:B4:B6:2F:9C:25:3F
            X509v3 Authority Key Identifier:
                keyid:66:60:34:CA:6A:16:BB:D0:14:4A:BD:F5:CF:24:58:F9:68:B1:58:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZmA0ymoWu9AUSr31zyRY-WixWJw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/f4b733-29ad-4d56-b9d2-5d48bcd7c1dc/1/Eb67nR4_r4j8Qlyfns20ti-cJT8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/f4b733-29ad-4d56-b9d2-5d48bcd7c1dc/1/ZmA0ymoWu9AUSr31zyRY-WixWJw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.69.48.0/22
                  80.69.53.0/24
                  80.69.56.0/23
                  80.69.60.0/24
                  91.135.240.0-91.135.244.255
                  91.135.252.0/23
                  92.39.90.0-92.39.94.255
                  158.181.34.0/24
                  158.181.37.0-158.181.39.255
                  158.181.44.0/22
                  185.92.224.0-185.92.226.255
                  185.105.196.0/22
                  212.47.152.0/24
                  212.47.154.0-212.47.158.255
                IPv6:
                  2a05:8200::/29

    Signature Algorithm: sha256WithRSAEncryption
         0e:63:1d:af:c8:08:23:09:ad:a4:7e:07:f6:2b:ac:62:47:a0:
         82:2a:6e:8c:09:4d:4e:f2:ad:a4:53:43:40:09:5d:76:4e:cf:
         30:6a:dd:29:b0:19:ec:9b:c6:f5:33:bd:89:0f:0b:f6:71:4f:
         82:34:92:9d:48:61:35:2e:c0:91:1e:ec:d3:87:fd:7b:17:9d:
         84:da:70:20:81:25:b7:0c:84:4b:27:a9:69:59:7d:47:f9:2e:
         44:d8:be:df:45:49:f0:b6:30:24:63:f2:3d:c8:4c:f6:47:68:
         8d:4f:65:49:8d:dc:30:fd:b7:ba:1d:41:31:64:64:77:a8:0c:
         13:d4:6c:ef:28:a4:9c:4a:60:14:41:2c:53:03:c0:38:8b:a7:
         22:8c:89:59:29:cd:44:90:7f:41:97:5b:0a:e2:bc:d6:67:4c:
         a3:59:0a:aa:b7:46:8b:50:45:e3:25:32:4c:9c:29:c4:95:01:
         61:88:2d:3e:d6:44:30:ff:37:6a:25:08:4e:dd:b0:ca:a9:1b:
         6a:7b:90:c6:5a:89:f5:c8:4b:3f:2a:d4:fd:a8:cc:95:75:50:
         54:1e:51:d3:eb:a8:d9:ce:d8:86:e0:47:b4:32:cb:5f:89:5d:
         be:3f:91:9f:61:97:d4:2c:67:f0:5b:0f:54:eb:60:b5:c8:d0:
         ec:e0:b2:d6
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgISAZgvd6CfT+GfrSHmRbsbG9XaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NjAzNGNhNmExNmJiZDAxNDRhYmRmNWNmMjQ1OGY5Njhi
MTU4OWMwHhcNMjUwNzIyMDAxMDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWJlYmI5ZDFlM2ZhZjg4ZmM0MjVjOWY5ZWNkYjRiNjJmOWMyNTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp7520gRxjl2iEEKKzp1f1b8WPhDi
13ftQyH7eoRCwrkwmINsz4cgNgU1rXa0XCw3DmzDWwuD89NcI9iD5mNyj54vyhpw
FMGOwOA60tYAy1xjVZuatUOzc4heUW/2TjmeeSYWnos4/7PaIPFVU2yY0CiC3aup
cNDPzZ/1xBM26iR9A6rRn+5OWAGaZ1va1qlZciZW0LdZCwgOB2VcIP9uInONdrkj
NpP6yhphpFdCkbP9VjOF4bRQa2q7+iFUZXO1H8HZ1j9/nfcssaOI1LR855FpXCvY
eGU8dsmmqi/jCMs6rFpxhtmV/avho/FrmMsFjYnJRStfLBtpJpfQ3VzbpwIDAQAB
o4ICkjCCAo4wHQYDVR0OBBYEFBG+u50eP6+I/EJcn57NtLYvnCU/MB8GA1UdIwQY
MBaAFGZgNMpqFrvQFEq99c8kWPlosVicMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWm1BMHltb1d1OUFVU3IzMXp5UlktV2l4V0p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9mNGI3MzMtMjlhZC00ZDU2LWI5ZDIt
NWQ0OGJjZDdjMWRjLzEvRWI2N25SNF9yNGo4UWx5Zm5zMjB0aS1jSlQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9mNGI3MzMtMjlhZC00ZDU2LWI5ZDItNWQ0OGJjZDdjMWRj
LzEvWm1BMHltb1d1OUFVU3IzMXp5UlktV2l4V0p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGnBggrBgEFBQcBBwEB/wSBlzCBlDCBggQCAAEwfAMEAlBF
MAMEAFBFNQMEAVBFOAMEAFBFPDAMAwQEW4fwAwQAW4f0AwQBW4f8MAwDBAFcJ1oD
BABcJ14DBACetSIwDAMEAJ61JQMEA561IAMEAp61LDAMAwQFuVzgAwQAuVziAwQC
uWnEAwQA1C+YMAwDBAHUL5oDBADUL54wDQQCAAIwBwMFAyoFggAwDQYJKoZIhvcN
AQELBQADggEBAA5jHa/ICCMJraR+B/YrrGJHoIIqbowJTU7yraRTQ0AJXXZOzzBq
3SmwGeybxvUzvYkPC/ZxT4I0kp1IYTUuwJEe7NOH/XsXnYTacCCBJbcMhEsnqWlZ
fUf5LkTYvt9FSfC2MCRj8j3ITPZHaI1PZUmN3DD9t7odQTFkZHeoDBPUbO8opJxK
YBRBLFMDwDiLpyKMiVkpzUSQf0GXWwrivNZnTKNZCqq3RotQReMlMkycKcSVAWGI
LT7WRDD/N2olCE7dsMqpG2p7kMZaifXISz8q1P2ozJV1UFQeUdPrqNnO2IbgR7Qy
y1+JXb4/kZ9hl9QsZ/BbD1TrYLXI0OzgstY=
-----END CERTIFICATE-----
Generated at Sun Jul 27 23:48:32 2025 by rpki-client